IT Security Newsletter - 5/3/2024
Congress grills UnitedHealth CEO over Change cyberattack
Legislators slammed UnitedHealth Group CEO Andrew Witty over the cyberattack on subsidiary Change Healthcare at two Congressional hearings on Wednesday, raising concerns about the technology firm's lack of cybersecurity and the potentially huge breach of Americans' health data. "This hack could have been stopped with cybersecurity 101," said Sen. Ron Wyden, D-Ore., during a hearing in the Senate Committee on Finance. READ MORE...
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn
North Korean hackers are taking advantage of weak DMARC configurations to impersonate organizations in phishing attacks against individuals of strategic significance to the Kim Jong Un regime. DMARC, short for Domain-based Message Authentication, Reporting & Conformance, is a security protocol for preventing email-based attacks. Unlike most security solutions, however, which potential victims implement for themselves, DMARC policies are set by email senders. READ MORE...
April updates for Windows 10 and 11 break some VPN software, Microsoft says
Microsoft is currently investigating a bug in its most recent batch of Windows 10 and Windows 11 updates that is preventing some VPN software from working properly. The company updated its list of known Windows issues to say that it has recreated the issue on its end and that it's currently working on a fix. The VPN issue affects all currently supported versions of Windows. READ MORE...
Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals
The botnet of hijacked Ubiquiti routers used by Russia-linked APT28 to conduct global espionage operations consists of more than just Ubiquiti devices, Trend Micro reports. A cyberespionage group linked to Russia's Main Intelligence Directorate of the General Staff (GRU), APT28 - also tracked as Forest Blizzard and Pawn Storm - had been using the network of small office/home office (SOHO) Ubiquiti Edge OS routers for years before the US dismantled it in January 2024. READ MORE...
Indonesia sneakily buys spyware, claims Amnesty International
Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International. The human rights org alleged its investigation showcased "the continued failure of multiple countries to regulate and provide transparency on the exports of dual-use technologies, such as spyware." READ MORE...
Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters
A Europol-led operation dubbed "Pandora" has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than €10 million (£8.6 million, $11 million). The criminal network, which operated call centers in Albania, Bosnia-Herzegovina, Kosovo, and Lebanon, was responsible for "thousands" of daily scam calls, including fake police calls, investment scams, and romance cons. READ MORE...
CEO who sold fake Cisco devices to US military gets 6 years in prison
Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. The 40-year-old Florida man was arrested in Miami on June 29, 2022, and was charged the same day with multiple counts of trafficking counterfeit goods and committing mail and wire fraud. READ MORE...
CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities
The US cybersecurity agency CISA and the FBI on Thursday released a Secure by Design Alert warning of path traversal software vulnerabilities being exploited in attacks targeting critical infrastructure entities. Also known as directory traversal, path traversal flaws rely on manipulated user input to access application files and directories that should not be accessible. READ MORE...
Microsoft warns of "Dirty Stream" attack impacting Android apps
Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. The flaw arises from the improper use of Android's content provider system, which manages access to structured data sets meant to be shared between different applications. READ MORE...
- ...in 1919, folk singer/songwriter Pete Seeger ("Where Have All the Flowers Gone?", "If I Had a Hammer") was born in Patterson, NY.
- ...in 1935, late-night TV pitchman and inventor Ron Popeil, of Veg-O-Matic and Pocket Fisherman fame, was born in New York City.
- ...in 1952, the Kentucky Derby is shown on national television for the first time.
- ...in 2003, New Hampshire's famous "Old Man of the Mountain" rock formation collapses in a rockslide.